Bacula-users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Bacula-users] Webacula cannot execute bconsole

2012-11-21 08:32:39
Subject: Re: [Bacula-users] Webacula cannot execute bconsole
From: "Clark, Patricia A." <clarkpa AT ornl DOT gov>
To: "bacula-users AT lists.sourceforge DOT net" <bacula-users AT lists.sourceforge DOT net>
Date: Wed, 21 Nov 2012 08:28:22 -0500 
From: Ryan Jantz <rjantz AT scifit DOT com<mailto:rjantz AT scifit DOT com>>
Date: Tuesday, November 20, 2012 6:06 PM
To: "bacula-users AT lists.sourceforge DOT net<mailto:bacula-users AT 
lists.sourceforge DOT net>" <bacula-users AT lists.sourceforge DOT 
net<mailto:bacula-users AT lists.sourceforge DOT net>>
Subject: Re: [Bacula-users] Webacula cannot execute bconsole

Hello again. So I've been reading and learning (a little) about SELinux today, 
but I haven't made much progress. Setting selinux to permissive resolves the 
error. Selinux context on my /var/www/webacula is:
drwxr-xr-x.  apache apache  system_u:object_r:httpd_sys_content_t:s0

Entries in /var/log/messages are:
bconsole: bsock.c:135 Unable to connect to Director daemon on localhost:9101. 
ERR=Permission denied

My interpretation of that error is bconsole is not able to connect to 
bacula-dir, but I can manually start bconsole. It seems the problem is when 
apache or webacula tries to start bconsole

Selinux context on /usr/sbin/bacula-dir:
lrwxrwxrwx.  root root  unconfined_u:object_r:bin_t:s0

Selinux context on /usr/sbin/bconsole
-rwxr-x---.  root bacula  system_u:object_r:bin_t:s0

I'm not sure what permissions need to be modified. Any ideas?

Thanks

On 11/20/2012 6:31 AM, Ryan Jantz wrote:
Yes.

I figured out SELinux is the problem. If I disable it, the errors stop. Now to 
figure out how to configure SELinux so it plays nice with Apache.

Thanks

On Nov 20, 2012, at 2:17 AM, Radosław Korzeniewski <radoslaw AT korzeniewski 
DOT net<mailto:radoslaw AT korzeniewski DOT net>> wrote:

Hello,

2012/11/19 Ryan Jantz <rjantz AT scifit DOT com<mailto:rjantz AT scifit DOT 
com>>
I am able to run the above command in terminal as root and the apache user 
without any errors. The apache user is a member of the bacula group.
(...)
Any ideas?

Did you restart an apache webserver?

best regards
--
Radosław Korzeniewski
radoslaw AT korzeniewski DOT net<mailto:radoslaw AT korzeniewski DOT net>
------------------------------------------------------------------------------
SELinux is not a simple modify permissions type of fix.  You will need to 
create the policies within SELinux in order to provide the "permissions" in the 
extended attributes that allows Webacula to interact with the director.  This 
is not a trivial exercise, but would be quite valuable to the community if 
successful.  This is why many shops don't consistently use SELinux in enforcing 
mode.

Patti Clark
Linux System Administrator
Research and Development Systems Support Oak Ridge National Laboratory




------------------------------------------------------------------------------
Monitor your physical, virtual and cloud infrastructure from a single
web console. Get in-depth insight into apps, servers, databases, vmware,
SAP, cloud infrastructure, etc. Download 30-day Free Trial.
Pricing starts from $795 for 25 servers or applications!
http://p.sf.net/sfu/zoho_dev2dev_nov
_______________________________________________
Bacula-users mailing list
Bacula-users AT lists.sourceforge DOT net
https://lists.sourceforge.net/lists/listinfo/bacula-users
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Bacula-users] Webacula cannot execute bconsole, Ryan Jantz
Next by Date:  Re: [Bacula-users] Webacula cannot execute bconsole, Simone Caronni
Previous by Thread:  Re: [Bacula-users] Webacula cannot execute bconsole, Ryan Jantz
Next by Thread:  Re: [Bacula-users] Webacula cannot execute bconsole, Simone Caronni
Indexes:  [Date] [Thread] [Top] [All Lists]